Have you heard the worst cyber insurance horror story? It's a denial of cyber insurance coverage for a catastrophic cyber event. Nowadays every company needs to think in terms of cyber resilience, and cyber insurance is no joke: it is an important part of any company.
These are the top 4 tips everyone needs to consider when looking to buy cyber insurance coverage.
Tip 1. Ask yourself: what is cyber insurance, and do I have it? If you don't know the answer, you probably have not purchased it at all.
Keep in mind that cybersecurity events are a common exclusion across general liability policies and require their own standalone policy. Because cyber insurance is relatively new, policies are not standard. So, it is important to carefully review your cyber insurance options and not just rely on the idea that if you have premium coverage you are fully protected.
Tip 2. Read every aspect of your insurance policy.
Cyber insurance coverage is tricky, which is why it's incredibly important to review every aspect of it. Every insurance policy has different terms that govern it, and those terms are legally defined in the policy itself. So, if a dispute arises as to whether an event is covered in an insurance policy, a court is going to look at the four corners of the actual insurance policy and will likely not consider evidence of what you were told at the time you bought the policy.
If there is a dispute later, a court will look to the written agreement between the parties. Read the policy now, not during an event, if you do not want major surprises in case of a cyberattack.
For example, many policies have a social engineering exclusion, meaning that if damages are done through phishing, and sometimes even ransomware, the insurance is invalidated.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company's network. These tests include penetration testing and ethical hacking tests.
Tip 3. Choose insurance that doesn't have brutal exclusions in its agreement
Cyberattacks on companies are synonymous with big money losses, and insurance companies know this. This is why phishing, ransomware and business email compromise events are common exclusions. Wire transfer fraud is often not covered either.
Also, many policies contain summary-of-coverage pages that set out the sums for coverages. Here you have to be careful, because if you are not, you will have to pay big extra bucks or even get nothing at all if your company gets hacked. These workarounds are a gold mine for the insurance companies and are hidden deep in the policy. For example, in one case, a social engineering sublimit of $100,000 was buried on page 54 of a 66-page PDF, meaning that everything above that limit is not covered. It also contained a $50,000 retention fee that must be paid out of pocket by the company before coverage is triggered.
No matter your industry or business model, have a cybersecurity lawyer help navigate the insurance coverage matrix and negotiate coverage.
Tip 4. Always negotiate everything before, not after, a breach
To put it simply: always try to negotiate better coverage. Ask for lower retentions and higher sublimits.
If you have a favorite forensic team, ask that its members be included as your chosen provider in the event of a breach, because insurance companies often provide low-rated forensics teams in case of a cyber attack.
Always make a specific request for the people you know and trust. Then, when the cyber attack hits, you will have your best team at your back rather than a crew arriving from the bottom of the market.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber-attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network; tests like this include penetration testing and ethical hacking.